This question comes to you from the common WindowsNT advice that "I", as the computer administrator, should log in with a normal unprivileged user account for day-to-day use. Does this concept have ...

[This is a duplicate, considered off-topic at http://stackoverflow.com/questions/26564992/should-email-verification-be-followed-by-password-based-login-why]
A typical account creation process seems ...

In a web application, accessed by browser via https, users need to be able to access data stored on a server in a MySQL database.
Data has to be encrypted for several groups of users, where one group ...

I'm trying to implement some security access control in a software I'm building. I came across Stormpath for user management and they have somewhat an approach for RBAC yet what I was considering is ...

I'm working on a small web service that provides some functionality that can be embedded in a web page with an iframe. As this is a subscription-based service, I'd like to be able to manage who can ...

Within the design of my web application, I am trying to now choose the final steps of the members profiles for security. *I need to choose if I should use a system which you login with a username or ...

Let's say a web application has four user roles. Standard, Supervisor, Manager and Administrator.
Should a manager be able to promote someone else to a Manager, or only to a supervisor?
I realize in ...

I am currently working on functionality that will allow users to reset their passwords. My question pertains to the security in putting user IDs (a.k.a. the auto-increment IDs from database) in the ...

I've read elsewhere (http://forums.udacity.com/questions/6028436/bcrypt-not-suitable-for-pythongae) that bcrypt is not suitable for use on Google App Engine. What are some good ways to create a user ...

I had a conversation today and someone challenged me as to why you would need to verify the identity of a user calling a service desk with anything other than their company email. Granted I know these ...

Most tablets, and iPads in particular, are typically single user devices.
Scenario: A service business that interacts directly with customers in person and wants to use iPads while interacting with ...